CVE-2026-59101

Source
https://cve.org/CVERecord?id=CVE-2026-59101
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-59101.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-59101
Published
2026-07-02T19:43:41.668Z
Modified
2026-07-09T03:51:23.204756187Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
AutoBangumi < 3.2.8 - SSRF via /api/v1/setup/test-downloader
Details

AutoBangumi before 3.2.8 contains a server-side request forgery (SSRF) vulnerability that allows unauthenticated remote attackers to probe internal network services by supplying arbitrary host values to an unprotected setup endpoint. Attackers can send requests to the POST /api/v1/setup/test-downloader endpoint during the initial setup window, causing the server to issue HTTP GET requests to internal or reserved addresses and leak information through echoed connection-error messages.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/59xxx/CVE-2026-59101.json",
    "cwe_ids": [
        "CWE-918"
    ],
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/estrellaxd/auto_bangumi

Affected ranges

Type
GIT
Repo
https://github.com/estrellaxd/auto_bangumi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "DESCRIPTION",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.2.8"
        }
    ]
}

Affected versions

2.*
2.3.1
2.3.3
2.3.4
2.3.5
2.4.0
2.4.3
2.4.5
2.4.7
2.5.0
2.5.10
2.5.11
2.5.12
2.5.13
2.5.14
2.5.15
2.5.16
2.5.17
2.5.18
2.5.19
2.5.2
2.5.20
2.5.21
2.5.21-2
2.5.21-3
2.5.21-4
2.5.21-5
2.5.22
2.5.23
2.5.24
2.5.25
2.5.25-fix
2.5.3
2.5.6
2.5.7
2.5.7-1
2.5.7-2
2.5.8
2.5.9
2.6.0
2.6.1
2.6.10
2.6.2
2.6.3
2.6.4
2.6.5
2.6.5-fix
2.6.6
2.6.7
2.6.8
2.6.9
3.*
3.0
3.0.0
3.0.1
3.0.10
3.0.11
3.0.12
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.18
3.1.2
3.1.3
3.1.4
3.1.5
3.1.6
3.1.6-fix
3.1.7
3.1.8
3.1.9
3.2.0
3.2.1
3.2.2
3.2.3
3.2.3-beta.1
3.2.4
3.2.5
3.2.6
Other
stable

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-59101.json"